Launchpad.net

CVE 2015-8374

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.

Related bugs and status

CVE-2015-8374 (Candidate) is related to these bugs:

Bug #1521273: CVE-2015-8374

		In	Importance	Status
1521273	CVE-2015-8374	linux (Ubuntu)	Low	Fix Released
1521273	CVE-2015-8374	linux-fsl-imx51 (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-mvl-dove (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-backport-maverick (Ubuntu)	Undecided	New
1521273	CVE-2015-8374	linux-lts-backport-natty (Ubuntu)	Undecided	New
1521273	CVE-2015-8374	linux-ti-omap4 (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-ec2 (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux (Ubuntu Xenial)	Low	Fix Committed
1521273	CVE-2015-8374	linux-ec2 (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-fsl-imx51 (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-backport-maverick (Ubuntu Xenial)	Undecided	New
1521273	CVE-2015-8374	linux-lts-backport-natty (Ubuntu Xenial)	Undecided	New
1521273	CVE-2015-8374	linux-mvl-dove (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-ti-omap4 (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux (Ubuntu Wily)	Low	Fix Released
1521273	CVE-2015-8374	linux-ec2 (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-fsl-imx51 (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-backport-maverick (Ubuntu Wily)	Undecided	New
1521273	CVE-2015-8374	linux-lts-backport-natty (Ubuntu Wily)	Undecided	New
1521273	CVE-2015-8374	linux-mvl-dove (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-ti-omap4 (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux (Ubuntu Vivid)	Low	Fix Released
1521273	CVE-2015-8374	linux-ec2 (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-fsl-imx51 (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-backport-maverick (Ubuntu Vivid)	Undecided	New
1521273	CVE-2015-8374	linux-lts-backport-natty (Ubuntu Vivid)	Undecided	New
1521273	CVE-2015-8374	linux-mvl-dove (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-ti-omap4 (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux (Ubuntu Trusty)	Low	Fix Released
1521273	CVE-2015-8374	linux-ec2 (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-fsl-imx51 (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-backport-maverick (Ubuntu Trusty)	Undecided	New
1521273	CVE-2015-8374	linux-lts-backport-natty (Ubuntu Trusty)	Undecided	New
1521273	CVE-2015-8374	linux-mvl-dove (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-ti-omap4 (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux (Ubuntu Precise)	Low	Fix Released
1521273	CVE-2015-8374	linux-ec2 (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-fsl-imx51 (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-backport-maverick (Ubuntu Precise)	Undecided	Won't Fix
1521273	CVE-2015-8374	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Won't Fix
1521273	CVE-2015-8374	linux-mvl-dove (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-ti-omap4 (Ubuntu Precise)	Low	Fix Released
1521273	CVE-2015-8374	linux-lts-trusty (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-trusty (Ubuntu Precise)	Low	Fix Released
1521273	CVE-2015-8374	linux-lts-trusty (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-trusty (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-trusty (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-trusty (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-armadaxp (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-armadaxp (Ubuntu Precise)	Low	Fix Released
1521273	CVE-2015-8374	linux-armadaxp (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-armadaxp (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-armadaxp (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-armadaxp (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-wily (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-wily (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-wily (Ubuntu Trusty)	Low	Fix Released
1521273	CVE-2015-8374	linux-lts-wily (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-wily (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-wily (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-goldfish (Ubuntu)	Low	New
1521273	CVE-2015-8374	linux-goldfish (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-goldfish (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-goldfish (Ubuntu Vivid)	Low	Won't Fix
1521273	CVE-2015-8374	linux-goldfish (Ubuntu Wily)	Low	New
1521273	CVE-2015-8374	linux-goldfish (Ubuntu Xenial)	Low	New
1521273	CVE-2015-8374	linux-lts-saucy (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-saucy (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-saucy (Ubuntu Trusty)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-saucy (Ubuntu Vivid)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-saucy (Ubuntu Wily)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-saucy (Ubuntu Xenial)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-quantal (Ubuntu)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-quantal (Ubuntu Precise)	Low	Invalid
1521273	CVE-2015-8374	linux-lts-quantal (Ubuntu Trusty)	Low	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015112...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/tor...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 78219
UBUNTU: USN-2886-1
UBUNTU: USN-2887-1
UBUNTU: USN-2887-2
UBUNTU: USN-2888-1
UBUNTU: USN-2889-1
UBUNTU: USN-2889-2
UBUNTU: USN-2890-1
UBUNTU: USN-2890-2
UBUNTU: USN-2890-3
SECTRACK: 1034895
DEBIAN: DSA-3426
REDHAT: RHSA-2016:2574
REDHAT: RHSA-2016:2584